Ours go offsite, either with me or the network manager. As long as the tapes are encrypted, we don't see any issues with it.
Last edited by DrCheese; 4th February 2010 at 02:05 PM.
We have been told at our last two audits that backup tapes should not be taken offsite but placed in a fireproof safe onsite.
They did suggest if we really wanted them offsite then maybe partnering up with another local school and swapping tapes with them to be kept in each others fireproof safes.
Last edited by cookie_monster; 4th February 2010 at 02:37 PM.
Pretty much. It's honestly not that big a deal.Anyone whinging about it is more of a mug for making such a big deal about an issue which has been part of an IT managers life for decades.
If you can't encrypt or look after a simple tape, you really shouldn't be in any position of management.
Are there any remote backup solutions? I was planning to buy Sonic Wall when the new budget comes in.
If you are happy with the way you do things then good for you, but don't expect other people to follow your lead.
How about storing them at a local bank in a safe deposit box on the schools dime. Then at the very least you are only responsible for the transport to and from and the bank has probably already made sure that they can survive fire/flood/etc. I suppose this will not work if you are talking more then half a dozen or so Tapes.
I wouldn't even dream of taking ours home even if encrypted, way too much hassle. I won't even go down the road 2 miles to our data centre (other HQ building) and collect them from there and return them to our fireproof safe.
Don't like the idea of transporting the amount of data around we have, rather someone else have that headache.
Ok .. my take on this (and it is a general reply to both sides) is this.
1 - Backups should be encrypted and secure, even if kept on site. You may want to vary this if you do disk to disk to disk with using storage arrays in different buildings but this is because you are off-setting the encryption against the higher physical security (ie you make sure people do not have access to the room the remote storage arrays are in, never mind physically touching the devices themselves).
2 - As important as what you do is the policy behind it. You must have one ... it should be part of a disaster recovery plan ... or business continuity plan ... whichever angle your school has taken on it. You can pick up half decent back up strategies from a few places such as TechRepublic, Network Security Journal, BCS and not to mention the various whitepapers that come out from CA and others.
3 - If you are asked to do something reasonable by your employer then you need to have other options to suggest instead. Simply going on about "It's not my job" or "I'm not taking that risk" is pointless. You are in a position of responsibility and get paid for it. That responsibility is not about management, it is about your access and control to information and data. You are a SysAdmin. You have access to all and every piece of data (or sizable chunks) and as such you are a key person in a perfect position to pick up this section of control of data. If you want to do risk management on it then good, but it is risk management ... not buck passing. Deal with it professionally and you get dealt with professionally in return.
I've already asked before whether people would find a general backup strategy a good thing and asked folk to contribute ... and got very little response, but so thankful to those who have shared them so far. It has made me wonder how many people actually do have a backup policy / strategy, whether it is written down anywhere, whether it is signed off be senior managlement, whether it fits in with other strategies and policies in the school and whether it is reflected in the contracts for the IT staff.
Gibbo (8th February 2010)
I would be negligent in my duty if I were to ignore the possible flaws in taking data home without investigating alternative solutions or ensuring that individuals were protected.
The suggestion of working with another school is probably the most sensible one.
All you'd need then is a safe at both schools, encrypted media and you can drop them off once a week.
It isn't rocket science really.
No, it's not rocket science & yes NMs and techs should take some responsibility but, a limit has to be drawn on ACCOUNTABILITY
I do it and I'm not particularly happy doing it as I don't have the adequate storage for the policy drawn out. If one day some crackhead decides to steal the pretty yellow cartridge from my flat after sifting through my drawers and thinking because it's hidden it must be important... I want to know that I'm not going to get a savaging for it.
Some RBC's/LEA's offer remote backup solutions that can help cover many of the issues raised in this thread. Here is the solution offered here in Birmingham http://www.services.bgfl.org/myporta...eBackupNew.pdf
Last edited by eduabncs; 8th February 2010 at 02:05 PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)